Evaluation Study on Network Traffic Analysis-Based Tools in Intrusions Detection
Keywords: Network Traffic Analysis, Intrusion Detection Systems, Covert Channels

Abstract
Over the past decade, network operators and network service providers have become increasingly interested in network traffic analysis, the examination of data as it flows through the network. In other words, network traffic analysis is a procedure carried out by network administrators to examine the data belonging to network users in order to analyze it, deal with network congestion, perform statistical operations, monitor user behavior and detect attacks. To prevent sabotage, network traffic analysis has been employed in intrusion detection systems, which rely first on analyzing the traffic and then on searching for indicators and evidence of intrusions, one of which may be the search for abnormal network traffic patterns or for known attack patterns.
Detecting indicators of an attack is not an easy task, and it becomes more difficult with modern applications, such as social media applications, that care about privacy and maintain the confidentiality of transmitted data, and with the presence of covert channels that allow data leakage and may carry malicious software, which well-known intrusion detection systems often ignore. As a result, studying network traffic analysis tools and evaluating the effectiveness and performance of intrusion detection systems are important for network operators, first as a step in choosing the appropriate system and subsequently in developing the system they already have.
This research studies some network traffic analysis tools, namely TCPDump and Wireshark, and evaluates the two intrusion detection systems Snort and Suricata in terms of: detecting various attacks targeting the confidentiality, integrity and availability of data and computer resources, including covert channel attacks; load balancing across processing cores; consumption of computer resources; the ability of the detection systems to receive and process network packets, and the rates at which they drop network packets and alerts; in addition to studying the possibility of improving these systems
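The evaluation criteria listed above (packet drop rate, load balancing across worker cores, and alert counts) can be computed from the statistics an IDS emits. The script below is an added example, not code from the paper; it assumes Suricata's EVE JSON layout (`stats.capture.kernel_packets` / `kernel_drops` for the sensor, `stats.threads.<worker>.capture.kernel_packets` per worker, and `alert.signature_id` for alerts) and uses constructed sample records rather than real captures.

```python
"""Derive IDS evaluation metrics (drop rate, worker balance, alerts) from Suricata EVE stats.

Assumed field names follow Suricata's eve.json 'stats' and 'alert' event types;
the SAMPLE_EVE records below are constructed for illustration only.
"""
import json

# Constructed sample: two periodic stats records (counters are cumulative) and two alerts.
SAMPLE_EVE = """
{"timestamp":"2024-01-01T10:00:00+0000","event_type":"stats","stats":{"capture":{"kernel_packets":100000,"kernel_drops":500},"threads":{"W#01-eth0":{"capture":{"kernel_packets":60000}},"W#02-eth0":{"capture":{"kernel_packets":40000}}}}}
{"timestamp":"2024-01-01T10:00:01+0000","event_type":"alert","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}
{"timestamp":"2024-01-01T10:00:08+0000","event_type":"stats","stats":{"capture":{"kernel_packets":250000,"kernel_drops":3000},"threads":{"W#01-eth0":{"capture":{"kernel_packets":150000}},"W#02-eth0":{"capture":{"kernel_packets":100000}}}}}
{"timestamp":"2024-01-01T10:00:09+0000","event_type":"alert","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}
"""


def parse_eve(text):
    """Parse newline-delimited EVE JSON into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def drop_rate(events):
    """Cumulative kernel drop rate in percent, taken from the latest stats record."""
    stats = [e["stats"]["capture"] for e in events if e["event_type"] == "stats"]
    if not stats:
        return None
    last = stats[-1]
    return 100.0 * last["kernel_drops"] / last["kernel_packets"]


def worker_imbalance(events):
    """Busiest worker's packet count divided by the ideal even share; 1.0 means perfectly balanced."""
    last = [e for e in events if e["event_type"] == "stats"][-1]
    per_worker = {w: t["capture"]["kernel_packets"] for w, t in last["stats"]["threads"].items()}
    ideal_share = sum(per_worker.values()) / len(per_worker)
    return max(per_worker.values()) / ideal_share


def alert_counts(events):
    """Number of alerts per signature id, to compare what each IDS actually raised."""
    counts = {}
    for e in events:
        if e["event_type"] == "alert":
            sid = e["alert"]["signature_id"]
            counts[sid] = counts.get(sid, 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_eve(SAMPLE_EVE)
    print(f"drop rate: {drop_rate(evs):.2f}%  worker imbalance: {worker_imbalance(evs):.2f}  alerts: {alert_counts(evs)}")
```

Run it against a real `eve.json` by reading the file instead of `SAMPLE_EVE`; a rising drop rate with a worker imbalance well above 1.0 points at uneven core load rather than raw throughput limits.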